February 2019 Security Bulletin for Android Released, New Patches Needed for Ubuntu 18.04, EU Recalls ENOX Safe-KID-One Smartwatches Due to Security Flaws, Raspberry Pi to Celebrate Its 7th Birthday with Jams March 2-3 and Some Fresh Snaps

News briefs for February 5, 2019.

Google yesterday released its February 2019 security bulletin for Android. Source code patches should be released to the Android Open Source Project (AOSP) repository soon. The most severe vulnerability is in Framework "that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process."

Evidently the patches released for Ubuntu 18.04 last week caused other inadvertent problems, and Canonical has released a new patch to fix those issues. ZDNet quotes the Ubuntu security team: "Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled." This bug also could effect Kubuntu, Xubuntu, Lubuntu, Linux Mint 19 and Linux Mint 19.1. The new patch replaces linux-image 4.15.0-44.47 with the fixed linux-image 4.15.0-45.48 kernel.

The EU orders a recall of ENOX Safe-KID-One smartwatches due to significant security flaws that allow third parties to track and call the watches, ZDNet reports. From the Rapid Alert System for Non-Food Products (RAPEX) alert: "The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed." In addition, "a malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS."

To celebrate its seventh birthday next month, the Raspberry Pi Foundation is coordinating several "Jams" all over the world: "Whether you're a Raspberry Pi user, club volunteer, avid forum question answerer, regular blog commenter, or brand-new community member, we want you to feel welcome! Look at the map, find a Jam near you, and meet the real-world Raspberry Pi community on 2 or 3 March."

The Ubuntu blog published a list of fresh snaps from January 2019. New snaps include OpenToonz, Eureka DOOM Editor, HexChat, Blender and much more. (All are available from the Snap store.)

Jill Franklin is an editorial professional with more than 17 years experience in technical and scientific publishing, both print and digital. As Executive Editor of Linux Journal, she wrangles writers, develops content, manages projects, meets deadlines and makes sentences sparkle. She also was Managing Editor for TUX and Embedded Linux Journal, and the book Linux in the Workplace. Before entering the Linux and open-source realm, she was Managing Editor of several scientific and scholarly journals, including Veterinary Pathology, The Journal of Mammalogy, Toxicologic Pathology and The Journal of Scientific Exploration. In a previous life, she taught English literature and composition, managed a bookstore and tended bar. When she’s not bugging writers about deadlines or editing copy, she throws pots, gardens and reads. You can contact Jill via e-mail, ljeditor@linuxjournal.com.

Load Disqus comments